Terminal Blocks, Europe type terminal strips, screw type terminal connectors, connector strips Jiangmen Krealux Electrical Appliances Co.,Ltd. , https://www.krealux-online.com
Is there a security risk for connected cars? How far is the car network from safety?
Two days ago, a shocking incident involving the loss of control of a Mercedes-Benz cruise control system made waves on social media. The event occurred on March 14th when the car's owner was driving at around 120 km/h for nearly 100 kilometers. The situation escalated late at night, and local authorities in Shaanxi province were involved in the rescue operation. Eventually, the vehicle was remotely controlled to slow down, allowing the driver to escape safely.
After this alarming incident, many people began to question the safety of connected vehicles and future autonomous driving systems. As the Internet of Vehicles (IoV) becomes the next major battleground for the telecommunications industry, it’s crucial to understand the security challenges that come with it. As a telecom technology company, we’ve spent the weekend investigating the security aspects of car networks and are now sharing our findings.
So, is there a security risk in connected cars? The answer is yes. This concern isn't new — in 2015, two security researchers demonstrated how they could hack into a Jeep Cherokee's system, gaining remote control over the entertainment system, brakes, and even steering. This led to a massive recall of 1.4 million vehicles by Fiat Chrysler and raised serious concerns about the security design of connected cars.
How did they do it? Let's take a closer look at the architecture of modern vehicle networks. Most cars today have multiple electronic control units (ECUs) connected through an in-vehicle LAN, which also links to external networks like 4G or 5G. This setup enables features such as car networking and autopilot.
The system is typically divided into four layers:
1. **External Communication Equipment**: This layer handles communication with the outside world, including mobile networks, WiFi, and V2X (Vehicle-to-Everything) systems.
2. **Car Gateway**: It acts as a central hub, managing data exchange between ECUs and external devices, as well as internal communication.
3. **In-Vehicle LAN**: This layer connects all ECUs within the car, divided into domains like body, telematics, and control.
4. **ECU and Functional Components**: These are the actual hardware responsible for controlling various parts of the vehicle, such as the engine, brakes, and doors.
To secure the IoV, a four-layer security framework is essential:
- **External Communication Security**: Ensuring encrypted and authenticated connections to prevent unauthorized access.
- **Car Gateway Security**: Implementing filtering, key management, and anomaly detection to protect the gateway from attacks.
- **In-Vehicle LAN Security**: Preventing tampering, eavesdropping, and data manipulation across the network.
- **ECU and Component Security**: Verifying the integrity of firmware and ensuring no vulnerabilities exist in the software running on the ECU.
Historically, car hacking has taken two main forms: key cloning and OBD interface attacks. For example, hackers have exploited weaknesses in encryption algorithms used for anti-theft systems. Others have accessed the OBD port to inject false data and manipulate vehicle functions.
Currently, the biggest threats in the IoV come from vulnerabilities in the CAN bus, OBD interface, T-BOX, mobile apps, and cloud platforms. One notable issue is the LIN protocol, often used for less critical components like door locks and lights. Although not as secure as CAN, it can still be exploited to gain control over important vehicle functions.
As telecom operators work closely with automakers, they’ve identified potential loopholes in the LIN protocol. This highlights the need for comprehensive security measures across all layers of the vehicle network.
Safety is never trivial. In the context of the IoV, it directly affects personal safety and property. As the industry moves toward faster and more connected networks, security must remain a top priority. Future developments will require collaboration across industries to establish standards and protocols that address all possible security risks in the vehicle ecosystem.